07-02-2020 08:08 AM
Hello
For the same application, I have several links and ports (https://application.intra.mydomin.corp:8530/toto, https://application.intra.mydomin.corp:8130/titi, https://application.mydomin.corp:8530/toto,..) and I would like to create a rule and specify the application and not a rule based on the protocol.
How I can create a custom application who match with my example ?
BR
07-02-2020 01:45 PM
Some help with creating a custom application signature you can find here in this knowledgebase article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClOFCA0
With your example:
Do you have TLS decryption enabled? If not, you will only be able to filter based on the fqdn. What you could do also - instead of creating a custom app - is using a custom url category and simply use this custom url category in your security policy rule (this does not require URL filtering license).
Regards,
Remo
07-02-2020 01:57 PM
Hello
My goal is to create an generic signature because my application has not always the sale fqdn but I have always the /toto or /titi after (application1.intra.domain.corp/toto, application1.intra.domain.corp/titi, application1.ext.domain.corp/toto,...). Is it possible and how I can create a signature based on *.intra.domain.corp/toto or *.intra.domain.corp/titi or *.ext.domain.corp/toto?
BR
07-02-2020 11:47 PM
I forgot to precise : our application uses differents port such as application1.intra.domain.corp/8085/toto, or application1.intra.domain.corp:8585/titi or application1.ext.domain.corp/8085/toto..
BR
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
